PBKDF2
PBKDF2 (Password-Based Key Derivation Function 2) is a widely used KDF that applies a pseudorandom function (HMAC) repeatedly to slow down password guessing. In VeraCrypt, PBKDF2 is available with several HMAC hash functions and is used to derive the keys that decrypt a volume header.
PBKDF2-HMAC Variants Supported in VeraCrypt
Parameters in VeraCrypt
Salt
A 512-bit random salt (stored in the volume header) is mixed into the password to prevent precomputation and rainbow-table attacks.
Iteration Count
The number of PBKDF2 iterations depends on the selected HMAC hash, the context (e.g., system vs. non-system encryption), and the
PIM value. Increasing PIM increases the iteration count and thus the time required to derive keys. For exact values and formulas, see
Header Key Derivation, Salt, and Iteration Count.
Output Length
The derived key length depends on the selected encryption algorithm(s) (e.g., 256 bits for AES-256, 768 bits for AES-Twofish-Serpent cascades).
Advantages and Considerations
- Broad compatibility: PBKDF2 is widely supported across platforms and environments.
- Low memory requirements: Suitable for constrained systems.
- Not memory-hard: Compared to Argon2id, PBKDF2 offers less resistance to attacks using massively parallel hardware (GPUs/ASICs). Consider raising PIM if you must use PBKDF2.
Related Topics
